Changes between Initial Version and Version 1 of Ticket #38055


Ignore:
Timestamp:
Feb 14, 2013, 12:03:37 AM (12 years ago)
Author:
larryv (Lawrence Velázquez)
Comment:

Thanks for the ticket. In the future, please Cc relevant port maintainers and use WikiFormatting to format your ticket description.

Have you upgraded to openssl @1.0.1d or @1.0.1e? There have been… problems… with these versions. To say the least. (See #38015, among others.)

If you happen to still have @1.0.1c around (port installed openssl), could you try activating that version to see if it clears up your problem?

sudo port activate openssl @1.0.1c

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #38055

    • Property Cc mww@… cal@… egall@… larryv@… added
    • Property Keywords gmail alpine openssl removed
    • Property Port openssl added
  • Ticket #38055 – Description

    initial v1  
    33After a recent update of alpine and of openssl, alpine now comes
    44back with the following on launch going to my inbox:
     5
     6{{{
    57There was an SSL/TLS failure for the server
    68                                     imap.gmail.com
     
    1719                                  imap.gmail.com/notls
    1820Type RETURN to continue.
     21}}}
    1922
    2023A co-worker suggested trying the following command:
     24
     25{{{
    2126$ openssl s_client -connect imap.gmail.com:993
    2227CONNECTED(00000003)
     
    6570    Verify return code: 20 (unable to get local issuer certificate)
    6671---
     72}}}
     73
    6774After seeing this ouput, he remarked:
    68 I think alpine uses the same cert store as openssl. But the point
    69 not on curve error is more interesting.  More likely, the new openssl
    70 supports ECC ciphers out of the box, and there's some incompatibility
    71 with Google's support for it.  You might want to see if Alpine supports
    72 configuration of the acceptable ciphers (like the Apache SSLCiphers
    73 or SSH's Cipher option).  Then set it to remove the ECC ciphers and
    74 see if it's happier.
    75 --
     75    I think alpine uses the same cert store as openssl. But the point
     76    not on curve error is more interesting.  More likely, the new openssl
     77    supports ECC ciphers out of the box, and there's some incompatibility
     78    with Google's support for it.  You might want to see if Alpine supports
     79    configuration of the acceptable ciphers (like the Apache SSLCiphers
     80    or SSH's Cipher option).  Then set it to remove the ECC ciphers and
     81    see if it's happier.
     82
    7683I didn't see where to configure acceptable ciphers in alpine and not
    7784sure if that needs to be configured in openssl.